From 8e28a79aa0728cecc01bdaab94b3cecc5421cdc5 Mon Sep 17 00:00:00 2001
From: "Builder.io" <builder-bot@builder.io>
Date: Tue, 14 Oct 2025 07:59:52 +0000
Subject: [PATCH] Add check-verification endpoint before admin-backed APIs

cgen-70d1bfed627448379a1aa1eddefb51c9
---
 server/index.ts | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/server/index.ts b/server/index.ts
index badd89a9..36ee6de5 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -103,6 +103,39 @@ export function createServer() {
     }
   });
 
+  app.post("/api/auth/check-verification", async (req, res) => {
+    const { email } = (req.body || {}) as { email?: string };
+
+    if (!email) {
+      return res.status(400).json({ error: "email is required" });
+    }
+
+    if (!adminSupabase?.auth?.admin) {
+      return res
+        .status(500)
+        .json({ error: "Supabase admin client unavailable" });
+    }
+
+    try {
+      const { data, error } = await adminSupabase.auth.admin.listUsers({ email });
+      if (error) {
+        console.error("[API] listUsers error:", error);
+        return res.status(error.status ?? 500).json({ error: error.message || String(error) });
+      }
+
+      const user = (data as any)?.users?.[0] ?? null;
+      if (!user) {
+        return res.status(404).json({ error: "User not found" });
+      }
+
+      const verified = Boolean(user?.email_confirmed_at || user?.confirmed_at);
+      return res.json({ verified, user });
+    } catch (e: any) {
+      console.error("[API] check verification exception", e);
+      return res.status(500).json({ error: e?.message || String(e) });
+    }
+  });
+
   // Admin-backed API (service role)
   try {
     const ownerEmail = (